QwikSec

Security Database

CVE

CWE

Training

CVE-2021-27365

Published: Mar 7, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update

mailing-list

x_refsource_MLIST

https://www.oracle.com/security-alerts/cpuoct2021.html

x_refsource_MISC

https://www.openwall.com/lists/oss-security/2021/03/06/1

x_refsource_MISC

https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html

x_refsource_MISC

http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20210409-0001/

x_refsource_CONFIRM

https://bugzilla.suse.com/show_bug.cgi?id=1182715

x_refsource_MISC

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec98ea7070e94cc25a422ec97d1421e28d97b7ee

x_refsource_MISC

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2021-27365 - Security Vulnerability | QwikSec